u/Immujtaba44

After seeing how many teams share network logs that

accidentally expose auth tokens and passwords, I built

an HTTP inspector that actually thinks about security.

What makes it different from chucker_flutter and

chuck_interceptor:

🔒 Sensitive data masking toggle

Masks Authorization headers, passwords, tokens, CVV

fields automatically. Toggle it off in dev, keep it on

when sharing logs with QA. Safe to share screenshots.

📋 Copy as cURL

One tap generates a ready-to-paste cURL command from

any request. With or without masking. Paste straight

into terminal or Postman.

📤 Export options

Export as Postman Collection, plain text, or JSON.

Share with your backend team in one tap.

🔐 Security analysis per request

Each request gets analysed for: missing HSTS,

NSAllowsArbitraryLoads, sensitive data in URL params,

Basic auth usage, missing CSP.

🫧 Floating bubble

Optional draggable bubble that shows request count.

Tap to open inspector, long press for quick stats.

🔔 In-app notifications

Toast-style banner for every request — color coded

by status. Tap to jump straight to that request detail.

No flutter_local_notifications dependency.

Zero navigator conflicts

Does not require or conflict with your existing

navigatorKey. Works via its own Overlay — never

touches your navigation stack.

Auto-disabled in release builds.

Works with Dio, http, and Chopper.

Built with sealed classes throughout.

Would love feedback — especially from teams

working on banking or fintech apps where log

sharing is a real security concern.

Links in comments 👇

After years of Flutter development across fintech, banking apps and more,

I kept seeing the same release mistakes over and over — debuggable=true

left in manifests, hardcoded API keys, missing ProGuard config, test

coverage dropped without anyone noticing.

So I built a CLI tool that catches all of this before you submit to the store.

**What it does:**

Run one command in any Flutter project:

flutter_release_checklist run

It checks:

- Android manifest: debuggable=false in release config

- iOS plist: NSAllowsArbitraryLoads not enabled

- Hardcoded secrets: scans all .dart files for API keys, tokens, passwords

- ProGuard: rules file present and minifyEnabled=true

- Debug mode leaks: debugPrint() and kDebugMode in production code

- Flutter analyze: zero issues required

- Version bump: current version > last git tag

- Test coverage: configurable minimum threshold

- App icons: all required sizes present

- Dart-define leaks: secrets not committed in launch.json or .sh files

Outputs a clear pass/fail report with file + line numbers for failures.

Exit code 1 on failure so it blocks CI pipelines automatically.

Works with GitHub Actions, Codemagic, and Fastlane out of the box.

pub.dev: https://pub.dev/packages/flutter\_release\_checklist

GitHub: https://github.com/iammujtaba44/flutter_release_checklist

Would love feedback — especially on checks you wish existed that aren't there yet.